Known Issues in Correlation Rules

ID	Description
CRB-2368	If you enter a description containing multiple lines, Case Manager incidents created using Correlation Rules may contain `\n` escape sequences in the incident description because `\n` represents "end of line".
CRB-2767	If a sequence detects the absence of a specific field value and you use the Group by Field functionality on that field, the correlation rule incorrectly triggers on the absence of grouped fields for which the sequence doesn't query. For example, if you use the Group by Field functionality on the `host` field, and the sequence queries for host:"2.2.2.2", the rule triggers on the absence of host:"2.2.2.2" but also on the absence of host:"1.1.1.1" and host:"3.3.3.3".

Description

CRB-2368

If you enter a description containing multiple lines, Case Manager incidents created using Correlation Rules may contain \n escape sequences in the incident description because \n represents "end of line".

CRB-2767

If a sequence detects the absence of a specific field value and you use the Group by Field functionality on that field, the correlation rule incorrectly triggers on the absence of grouped fields for which the sequence doesn't query.

For example, if you use the Group by Field functionality on the host field, and the sequence queries for host:"2.2.2.2", the rule triggers on the absence of host:"2.2.2.2" but also on the absence of host:"1.1.1.1" and host:"3.3.3.3".

Correlation RulesCorrelation Rules Release Notes

Table of ContentsTable of Contents

Known Issues in Correlation Rules